Data Model for Groups

Some properties are common and might be used across all groups.

Data types

The basic types are inherited from VOOT/SCIM

The data types that are currently used are:

  • String
  • Boolean
  • DateTime

In Dataporten multi-valued attributes are listed as JSON lists ["one", "two", "three"].

An additional data type, translatable string is defined in VOOT:

Translatable String
The content may be an untranslated basic string, in an undefined language. Alternatively, the content is an object with the property keys being ISO 639-1 Language Codes. The values are the translated values into that language.

Example of a translatable string

{
	"en": "Group",
	"nb": "Gruppe"
}

Group

Required properties

id
A unique string identifier representing this group. This identifier should not be used by humans, only systems.
Datatype: SCIM String
displayName
A translatable string giving the group a human friendly name. The name is supposed to give a clear meaning for users setting up access control.
Datatype: Translatable String

The simplest example of a group containing only required parameters:

{
	"id": "8878ae43-965a-412a-87b5-38c398a76569",
	"displayName": "Project on group APIs"
}

Optional properties

description
A textual description of the group (optional). It may be translated as well.
Datatype: SCIM String
type
A pointer to a group type (optional). Default group is voot:default.
Datatype: SCIM String
parent
A pointer to another group. The linking does not imply any specific semantics on the relationship between the two groups, but it allows for building up hierarchical visual representations of the list of groups a user is member of.
Datatype: SCIM String
notBefore
The group did not exist before this date.
Datatype: SCIM DateTime
notAfter
The group is deleted or not valid after this date.
Datatype: SCIM DateTime
public
A boolean flag indicating whether the existence of this group and the basic group information is publicly available. Users may search and use groups in setting access control, even if they are not member of a group.
Datatype: SCIM Boolean
active
A boolean flag indicating whether the group is currently active. When set to false it will cause the group to not show up on compact group lists.
Datatype: SCIM Boolean
membership
If used in the context of a user's membership to this group, the property may contain the embedded membership object. See below for more details about the membership object.

Membership

The simplest representation of a group membership is an empty object, which tells that the user is member of the group, but does not give any more details than that:

{}

An optional property basic is recommended to use to indicate the most basic level of roles. For each group type, it should be described how the more complex role model within that group type is projected into the basic.

There are three legal values of basic:

  • member is regular members. This is the default role if no explicit value is provided.
  • admin is an abstract role of super members, having some kind of additional permissions. In example, the admin may invite or add other members, moderate content in a group or anything else.
  • owner is given a special meaning in the ad hoc scenario, where groups are created by a person, which then is the owner of the group.

The following properties are optional.

basic
The basic membership role of the current user (optoinal). Default value is member.
Datatype: SCIM String
displayName
A human readable description of the membership role.
active
May be set to false to indicate that the user is a passive member of the group. See group and membership states.
Datatype: SCIM Boolean
notBefore
The group did not exist before this date.
Datatype: SCIM DateTime
notAfter
The group is deleted or not valid after this date.
Datatype: SCIM DateTime
may
An object of permissions that a user may or may not have related to the group. In example a user may be allowed to edit, manage, invite or delete a group.
groupID
If the membership object is used stand alone, and there is no implicit relation to a given group, the group may be referred to by using this property.
Datatype: SCIM String

Specific group types may define additional properties on the membership object.

An example of a membership may look like this:

{
	"basic": "admin",
	"displayName": {
		"en": "Teacher",
		"nb": "Lærer"
	},
	"course_role": 	"teacher",
	"notBefore": 	"2014-01-01T12:00:00Z",
	"notAfter": 	"2014-08-01T12:00:00Z",
	"active": 	true,
	"groupId": "courses:university_edu:m201"
}

Organization

An organization can be any kind of organization, including school, university, or other educational institutions.

These groups are based upon information defined in norEdu.

Group attributes

Attributes from VOOT Core.

type
fc:org
id
A unique identifier of the organization.
In Dataporten, for all groups populated from the eduOrg objects, these are generated in the following form: fc:org:{realm}, in example fc:org:uninett.no. For all orgunit, this identifier is generated in the following form: fc:org:{realm}:unit:{norEduOrgUnitUniqueIdentifier}, in example: fc:org:uninett.no:unit:no876326125
Identifiers generated from eduOrg attributes are trimmed and lowercased.
orgType
Valid types:
higher_education
Institution in higher education
primary_and_lower_secondary_owner
Municipality, primary school owner ("kommune, eier av grunnskole")
upper_secondary_owner
County, upper secondary school owner ("fylkeskommune, eier av videregående skole")
upper_secondary
Upper secondary school ("videregående skole")
primary_and_lower_secondary
Primary and lower secondary school ("Barne og / eller ungdomsskole")
parent
Indicates that the organization is part of another organization. The parent attribute value MUST include an ID of another organization. Typically in Dataporten, the parent attribute is always populated on group objects that are obtained from an eduOrgUnit, where it points to the corresponding eduOrg object. In example: «Frogner VGS» (orgunit) puts «Oslo Kommune» (org) as a parent.
displayName
A human friendly name of the organization. Obtained from eduPersonOrgDN:o
Datatype: Translatable String
description
is a textual description of the group (optional). It may be translated as well.
Leave out this field rather than replicate the name of the organization.
Datatype: SCIM String
public
This flag will always be true for organizations.
Is a boolean flag indicating whether the existence of this group and the basic group information is publicly available. Users may search and use groups in setting access control, even if they are not member of a group.
Datatype: SCIM Boolean
active
Will always be true for existing, real organizations.
Will be set to false to indicate organizations that do not exist anymore. In example, when two institutions are merged. The old one may be preserved with a active=false flag for some time to deal with existing access policies.
Datatype: SCIM Boolean

Specific attributes for fc:org.

eduOrgLegalName
Mandatory in Feide 1.5.1
Organization's legal name obtained from eduPersonOrgDN:eduOrgLegalName
norEduOrgNIN
Mandatory in Feide 1.5.1
Organizational number obtained from eduPersonOrgDN:norEduOrgNIN
Example: NO976820037
mail
Mandatory in Feide 1.5.1
Organization's mail obtained from eduPersonOrgDN:mail
telephoneNumber
Recommended in Feide 1.5.1
A multi-valued attribute, directly inherited from eduPersonOrgDN:telephoneNumber
postalAddress
Recommended in Feide 1.5.1
Postal address obtained from eduPersonOrgDN:postalAddress
eduOrgHomePageURI
Postal address obtained from eduPersonOrgDN:eduOrgHomePageURI
eduOrgIdentityAuthNPolicyURI
Location of organization's policy regarding identification and authentication. Obtained from eduPersonOrgDN:eduOrgIdentityAuthNPolicyURI
eduOrgWhitePagesURI)
The URL of the open white pages directory service for the organization eduPersonOrgDN:eduOrgWhitePagesURI)
facsimileTelephoneNumber
eduPersonOrgDN:facsimileTelephoneNumber
l
Organization's location eduPersonOrgDN:l
labeledURI
Labeled URI to organization eduPersonOrgDN:labeledURI
norEduOrgAcronym
Acronym for the organization eduPersonOrgDN:norEduOrgAcronym
norEduOrgUniqueIdentifier
Organization's unique identifier eduPersonOrgDN:norEduOrgUniqueIdentifier
postalCode
Organization's postal code eduPersonOrgDN:postalCode
postOfficeBox
Organization's postal office box eduPersonOrgDN:postOfficeBox
street
Organization street address eduPersonOrgDN:street

Membership attributes

basic
This value may be member, admin or owner.
When populated from eduOrg/OrgUnit, this value is admin for employees, and member for all others.
displayName
A human readable descriptive name of the membership to the group.
affiliation
Mandatory in Feide 1.5.1
The user's affiliation to this org. Obtained from eduPerson. eduPersonAffiliation
primaryAffiliation
Mandatory in Feide 1.5.1
The user's primary affiliation to this org. Obtained from eduPerson. eduPersonPrimaryAffiliation
manager
Optional in Feide 1.5.1
Obtained from eduPerson manager
title
Optional in Feide 1.5.1
Obtained from eduPerson title
telephoneNumber
Obtained from eduPerson
mail
Obtained from eduPerson

Example 1: Employee in UNINETT

In the following example, an employee of UNINETT:

{
	"name": "Andreas Åkre Solberg"
}

is member of the UNINETT group:

{
	"id": "fc:org:uninett.no",
	"type": "fc:org",
	"displayName": "UNINETT",
	"public": true,
	"eduOrgLegalName": "UNINETT AS",
	"norEduOrgNIN": "no968100211",
	"mail": "info@uninett.no",
	"telephoneNumber": "+47 73557900",
	"eduOrgHomePageURI": "http://www.uninett.no/",
	"l": "Trondheim",
	"membership": {
		"basic": "admin",
		"displayName": "Ansatt",
		"affiliation": ["employee", "member"],
		"primaryAffiliation": "employee",
		"title": "Senior Technical Architect",
		"telephoneNumber": "+47 73557894",
		"mail": "andreas.solberg@uninett.no"
	}
}

and is member of a group for the ASM department:

{
	"id": "fc:org:uninett.no:unit:avd-u20",
	"type": "fc:orgunit",
	"displayName": "Avdeling for System og Mellomvare",
	"norEduOrgAcronym": "ASM",
	"public": true,
	"mail": "asm@uninett.no",
	"membership": {
		"basic": "admin",
		"displayName": "Ansatt",
		"affiliation": ["employee", "member"],
		"primaryAffiliation": "employee"
	}
}

Example 2: teacher at two schools

In the following example, a teacher:

{
	"name": "Anne Istad"
}

is teaching at two schools, both schools with the same school owner Oslo Kommune

{
	"id": "fc:org:oslo-kommune.no",
	"type": "fc:org",
	"orgType": "primary_and_lower_secondary_owner",
	"displayName": "Oslo kommune",
	"public": true,
	"eduOrgLegalName": "Oslo Kommune",
	"norEduOrgNIN": "no976820037",
	"mail": "info@oslo-kommune.no",
	"membership": {
		"basic": "admin",
		"displayName": "Lærer",
		"affiliation": ["employee", "member", "faculty"],
		"primaryAffiliation": "employee",
		"mail": "annei@oslo-kommune.no"
	}
}

The two schools are also represented as groups:

Alna grunnskole

{
	"id": "fc:org:oslo-kommune.no:unit:no876326125",
	"type": "fc:org",
	"orgType": "primary_and_lower_secondary_owner",
	"parent": "fc:org:oslo-kommune.no",
	"displayName": "Alna grunnskole",
	"eduOrgLegalName": "Alna grunnskole",
	"norEduOrgNIN": "no876326125",
	"mail": "alnags@oslo-kommune.no",
	"membership": {
		"basic": "admin",
		"displayName": "Lærer",
		"affiliation": ["employee", "member", "faculty"],
		"primaryAffiliation": "employee"
	}
}

and Bjerke grunnskole

{
	"id": "fc:org:oslo-kommune.no:unit:no876326126",
	"type": "fc:org",
	"orgType": "primary_and_lower_secondary",
	"parent": "fc:org:oslo-kommune.no",
	"displayName": "Bjerke grunnskole",
	"eduOrgLegalName": "Bjerke grunnskole",
	"norEduOrgNIN": "no876326126",
	"mail": "bjerkegs@oslo-kommune.no",
	"membership": {
		"basic": "admin",
		"displayName": "Lærer",
		"affiliation": ["employee", "member", "faculty"],
		"primaryAffiliation": "employee"
	}
}

Example 3: pupil at Frogner VGS

In the following example, a pupil:

{
	"name": "Thea Eide"
}

is studing at Frogner VGS, owned by Oslo Kommune

{
    "id": "fc:org:oslo-kommune.no",
    "type": "fc:org",
    "orgType": "upper_secondary_owner",
    "displayName": "Oslo kommune",
    "eduOrgLegalName": "Oslo kommune",
    "mail": "post@test.feide.no",
    "norEduOrgNIN": "NO976820037",
    "membership": {
        "basic": "member",
		"displayName": "Elev",
		"affiliation": ["student", "member"],
		"primaryAffiliation": "student"
    }
}

A group representing the school Frogner VGS

{
    "id": "fc:org:oslo-kommune.no:unit:NO895395126",
    "type": "fc:org",
    "orgType": "upper_secondary",
    "displayName": "Frogner VGS",
    "public": true,
    "parent": "fc:org:feide.no",
    "active": true,
	"membership": {
		"basic": "member",
		"displayName": "Elev",
		"affiliation": ["student", "member"],
		"primaryAffiliation": "student"
	}
}

Organization Unit

An organization unit can be any kind of departments or parts of an organization.

Group attributes

Attributes from VOOT Core.

type
fc:orgunit
id
A unique identifier of the organization unit.
parent
Points to the identifier of the organization.
displayName
A human friendly name of the organization unit. Obtained from eduPersonOrgUnitDN:ou
Datatype: Translatable String
description
A textual description of the group (optional). It may be translated as well.
Leave out this field rather than replicate the name of the organization.
Datatype: SCIM String
public
This flag will always be true for organization units.
A boolean flag indicating whether the existence of this group and the basic group information is publicly available. Users may search and use groups in setting access control, even if they are not member of a group.
Datatype: SCIM Boolean
active
Will always be true for organization units that are currently active.
Datatype: SCIM Boolean

Specific attributes for fc:org.

eduOrgLegalName
Mandatory in Feide 1.5.1
Organization's legal name obtained from eduPersonOrgDN:eduOrgLegalName
norEduOrgNIN
Mandatory in Feide 1.5.1
Organization number obtained from eduPersonOrgDN:norEduOrgNIN
Example: NO976820037
mail
Mandatory in Feide 1.5.1
Organization's mail obtained from eduPersonOrgUnitDN:mail
telephoneNumber
Recommended in Feide 1.5.1
A multi-valued attribute, directly inherited from eduPersonOrgUnitDN:facsimileTelephoneNumber
postalAddress
Recommended in Feide 1.5.1
Postal address obtained from eduPersonOrgUnitDN:postalAddress
facsimileTelephoneNumber
eduPersonOrgUnitDN:facsimileTelephoneNumber
l
Organization's location eduPersonOrgUnitDN:l
norEduOrgAcronym
Acronym for the organization eduPersonOrgUnitDN:norEduOrgAcronym
postalCode
Organization's postal code eduPersonOrgUnitDN:postalCode
postOfficeBox
Organization's postal office box eduPersonOrgUnitDN:postOfficeBox
street
Organization's street address eduPersonOrgUnitDN:street

Membership attributes

basic
This value may be member, admin or owner.
When populated from eduOrg/eduOrgUnit, this value is admin for employees, and member for all others.
primaryOrgUnit
A boolean flag telling whether the current user is primarily affiliated with this org unit. An user will only have one primary affiliation to an org unit.

Example:

{
    "displayName": "Avdeling for System og Mellomvare",
    "id": "fc:org:uninett.no:unit:AVD-U20",
    "parent": "fc:org:uninett.no",
    "type": "fc:orgunit",
    "membership": {
        "primaryOrgUnit": true,
        "basic": "member"
    },
    "public": true
}

Ad hoc groups

Ad hoc groups can be created by any user.

Ad hoc groups are managed through the Dataporten Groups app

Group attributes

Attributes from VOOT Core.

type
voot:ad-hoc
id
A unique identifier of the ad hoc group, typically a prefixed UUID like this
fc:adhoc:902d87a4-03ed-46cb-96ef-b7bef2763232.
displayName
A human friendly name of the group. Provided by the group creator.
Datatype: Translatable String
description
A textual description of the group (optional). It may be translated as well. Provided by the group creator.
Datatype: SCIM String
public
An ad hoc group can be both public and private, depending on the settings added by the group administrators.
Datatype: SCIM Boolean

Membership attributes

basic
This value may be member, admin or owner.
displayName
A human readable descriptive name of the membership to the group.

Example of an ad hoc group

{
    "type": "voot:ad-hoc",
    "description": "Testing demo",
    "displayName": "A new group",
    "id": "fc:adhoc:902d87a4-03ed-46cb-96ef-b7bef2763232",
    "membership": {
        "basic": "owner"
    }
}
Specific for education in Norway.
Text is in norwegian.

Undervisningsgrupper

Undervisningsgrupper, basisgrupper og andre grupper i grunnskolen.

Gruppetypen er spesifikk for grunnopplæringa og er ikke tilgjengelig for brukere i høyere utdanning.

Undervisningsgrupper i Dataporten hentes via Feide-katalogen i henhold til spesifikasjonen «Format for gruppeinformasjon gjennom Feide for grunnopplæringa» som inngår i Feides skjema versjon 1.6.

Mer informasjon for vertsorganisasjoner om koding av grupperidentifikatorer i Feide-katalogen

Group attributes

type
fc:gogroup
id
A unique identifier of the group.
displayName
A human friendly name of the group. Provided by the group creator.
Datatype: Translatable String
parent
En peker på identifikatoren for skolen. Dette kan f.eks. være: fc:org:feide.no:unit:NO895395126.
go_type
Undervisningsgrupper kan settes til å være en av tre definerte typer. go_type settes til en enbokstavsindikator for type gruppe. Definerte verdier er:
b: Basisgruppe
u: Undervisningsgruppe
a: andre grupper, for eksempel kontaktlærer-, lab-, spesialundervisningsgrupper eller lignende (valgfritt)
go_type_displayName
Menneskelesbar tekst for gruppetypen definert i go_type. Verdien kan f.eks. være basisgruppe.
notBefore
The group did not exist before this date.
Datatype: SCIM DateTime
notAfter
The group is deleted or not valid after this date.
Datatype: SCIM DateTime
grep
En referanse til fag representert som et JSON-objekt, med to attributter, code og displayName.
code henviser til en gyldig GREP-kode for fag.
displayName er et mennekselesbart beskrivende navn på faget.

Eksempel på referanse til Matematikk 1T som har GREP-fagkoden MAT1013.

{
    "code": "MAT1013",
    "displayName": "Matematikk 1T"
}

Membership attributes

basic
This value may be member, admin or owner.
displayName
A human readable descriptive name of the affiliation to the group.
role
(endres til affiliation)
Personens rolletilhørighet til undervisningsgruppen. Lovlige verdier er:
student for elev
faculty for lærer
staff for ansatt uten undervisningsansvar.
affiliate for person som er løsere tilknyttet gruppen og uten å være ansatt eller elev.

Basisgruppe

{
    "membership": {
        "basic": "admin",
        "role": "faculty"
    },
    "displayName": "Klasse 1SFA",
    "go_type_displayName": "basisgruppe",
    "type": "fc:gogroup",
    "notAfter": "2015-06-15T00:00:00Z",
    "notBefore": "2014-08-01T00:00:00Z",

    "id": "fc:gogroup:feide.no:b:NO895395126:1SFA:2014-08-01:2015-06-15",
    "parent": "fc:org:feide.no:unit:NO895395126"
}

Undervisningsgruppe

{
    "membership": {
        "basic": "admin",
        "role": "faculty"
    },
    "displayName": "Matematikk 1TA VG1 studieforberedende",
    "go_type_displayName": "undervisningsgruppe",
    "type": "fc:gogroup",
    "notAfter": "2015-06-15T00:00:00Z",
    "notBefore": "2014-08-01T00:00:00Z",
    "go_type": "u",
    "grep": {
        "code": "MAT1013",
        "displayName": "Matematikk 1T"
    },
    "id": "fc:gogroup:feide.no:u:NO895395126:1TA-MAT1013:2014-08-01:2015-06-15",
    "parent": "fc:org:feide.no:unit:NO895395126"
}
Specific for education in Norway.
Text is in norwegian.

Kull

Alle studenter innenfor et studieprogram som har felles forventet avgangsår.

Gruppetypen er spesifikk for høyere utdanning.

Type ID fc:kull

Forslag til identifikator: fc:kull:ntnu.no:siving-bygg:2009

Alle studenter innenfor et studieprogram som er tatt opp et gitt år.

Kan identifiseres av følgende:

  • Person er student
  • Tilhørighet til organisasjon {x}
  • Tilhørighet til studieprogram {y}
  • Opptaksår {z}

Eskempel

{
    "id": "fc:kull:fssbkurs.no:TS-MN1:2015V",
    "displayName": "2015 v\u00e5r",
    "parent": "fc:prg:TS-MN1",
    "type": "fc:kull",
    "membership": {
        "fsroles": [
            "STUDENT"
        ],
        "displayName": "Student",
        "basic": "member"
    }
}
Specific for education in Norway.
Text is in norwegian.

Klasse

Klasser er en mindre inndeling enn kull innenfor en et studieprogram.

Gruppetypen er spesifikk for høyere utdanning.

Type ID fc:klasse

Forslag til identifikator: fc:klasse:ntnu.no:siving-telematikk-sikkerhet:1234

Kan identifiseres av følgende:

  • Person er student
  • Tilhørighet til organisasjon {x}
  • Tilhørighet til klasse {y}

I tillegg kan disse gruppene kobles til andre grupper:

  • Klasse er knyttet til organisasjon
  • Klasse er knyttet til studieprogram
  • Klasse er knyttet til (kanskje) studieretning

Klasse

{
    "type": "fc:klasse",
    "membership": {
        "fsroles": [
            "STUDENT"
        ],
        "notAfter": "2014-01-01T10:12:04Z",
        "basic": "member",
        "active": false,
        "displayName": "Student"
    },
    "id": "fc:klasse:fssbkurs.no:TS-MN1:2014V:A",
    "parent": "fc:kull:fssbkurs.no:TS-MN1:2014V",
    "displayName": "2014 v\u00e5r"
}
Specific for education in Norway.
Text is in norwegian.

Studieprogram

Gruppetypen er spesifikk for høyere utdanning.

Type ID fc:prg

Forslag til identifikator: fc:prg:ntnu.no:siving-bygg

Alle studenter innenfor et studieprogram uavhengig av når de er tatt opp.

Kan identifiseres av følgende:

  • Person er student
  • Tilhørighet til organisasjon {x}

Studieprogram

    {
        "type": "fc:prg",
        "membership": {
            "fsroles": [
                "STUDENT"
            ],
            "notAfter": "2014-03-26T00:00:00CET",
            "basic": "member",
            "active": false,
            "displayName": "Student"
        },
        "id": "fc:prg:fssbkurs.no:HFB3-SPR",
        "parent": "fc:org:fssbkurs.no",
        "displayName": "Spr\u00e5k 3"
    }
Specific for education in Norway.
Text is in norwegian.

Studieretning

Studieretning er ennå ikke ferdig implementert.

Ta kontakt for oppdatert status på dette.

Studieretning representerer en spesialisering innenfor et studieprogram.

Gruppetypen er spesifikk for høyere utdanning.

Type ID fc:str

Forslag til identifikator: fc:str:ntnu.no:siving-telematikk-sikkerhet

Alle studenter innenfor en studieretning uavhengig av når de er tatt opp.

Kan identifiseres av følgende:

  • Person er student
  • Tilhørighet til organisasjon {x}
  • Tilhørighet til studieretning {y}

I tillegg kan disse gruppene kobles til andre grupper:

  • Studieretning er knyttet til organisasjon
  • Studieretning er knyttet til studieprogram
  • Studieretning er knyttet til Sted (fakultet, institutt)
Specific for education in Norway.
Text is in norwegian.

Emner

Tilknytning til emner / fag ved institusjonen.

Gruppetypen er spesifikk for høyere utdanning.

Type ID fc:emne

Forslag til identifikator: fc:emne:ntnu.no:sie5080

Et emne er et fag som en student kan være undervisningsmeldt i. En faglærer er også tilknyttet emner man underviser i.

Kan identifiseres av følgende:

  • Tilhørighet til organisasjon {x}
  • Har tilknytning {z} til emne {y}

Tilleggsinformasjon:

  • Hvilket semester er man knyttet til faget.

Mulige tilknytninger er f.eks.

  • Student
  • Faglærer

I tillegg kan disse gruppene kobles til andre grupper:

  • Emne er knyttet til organisasjon
  • Emne er knyttet til fakultet
  • Emne er knyttet til institutt

Emne

    {
        "id": "fc:emne:fssbkurs.no:THTEST18-1",
        "parent": "fc:org:fssbkurs.no",
        "displayName": "Testemne 18",
        "type": "fc:emne",
        "membership": {
            "fsroles": [
                "STUDENT"
            ],
            "subjectRelations": "vurdering",
            "displayName": "Student",
            "basic": "member",
            "active": true
        }
    }